posted by Kwan's 2010. 8. 16. 16:15

1. Sites !!

한국 X 스X츠 협회 : http://www.x-sxxxts.or.kr
씨X통 : http://www.cixxxxng.com/
레이XX 클럽 : http://www.rxxexx.co.kr  
주X자 XX  : http://zxxxnxx.jxxns.com 
미스터 XX  : http://www.mxpxzxx.co.kr
서울 XXXX : http://www.seoulxxxx.or.kr  
천XXX법인 : http://www.chxxxxtax.co.kr
건XXX회 : http://www.arxxxdb.com
강남XXX상담실 : http://sxxxdxxsil.or.kr
벼X XX : http://xxxtomer.fxxxall.co.kr
한국XX기술 : http://www.culxxxexxcx.co.kr

2. Chinese distribution sites

http://xxx.game.mop.com
http://xxx.yx007.com
http://xxxs.512ms.com
http://www.pxxo.com
http://rxxxtunnel.chd.edu.cn
http://xxx.yx007.com

3. Distribution points !!

한국 X 스X츠 협회 , 씨X통 : http://xxx.1x3.xx.1x7/R.asp

레이XX 클럽 : http://2x0.1xx.1xx.x5/W.asp ~> server was dead when found !!

주X자 XX  : http://2xx.6x.xx.6x/ixxm/click.asp

미스터 XX  : http://www.8xx8xx.com.xx/xxche/ad.htm

서울 XXXX , 천XXX법인 , 건XXX회 , 강남XXX상담실 , 벼X XX , 한국XX기술

: http://www.xxx.xx/Cxxhes/ad.htm

4. Chinese distribution points !!

1. http://xxx.game.mop.com : http://www.xxx.cn/ucenter/images/games.html?用户注册

2. http://xxx.yx007.com : http://event.xxxxx.com/dabao/public/js/dh/64.html

3. http://xxxs.512ms.com : http://asxx.alixxxx.vu.cx:171/win7/124/a.jpg

4. http://www.pxxo.com : http://hkxxxx07.xx66.oxx:7xx8/x/index.html ~> server dead

5. http://rxxxtunnel.chd.edu.cn : http://xox.gxxesxxx.cn/banner.swf

6. http://xxx.yx007.com : http://evexx.yoxxx.com/dxxax/pxxlix/xs/xh/64.html

5. Final files !!

R.asp : http://inxxx.kxxxta.co.kr/cxxxents/r.exe

W.asp : http://www.kxxcxx.or.kr/bxxrd/w.exe ~> server dead !!

click.asp : http://sxx.gaxxxx.com/ixx/admin.exe

ad.htm : http://www.17xxx.cx/ixxxxs/s.exe 

games.html : http://www.xxx.cn/uxxnxxr/imxxxs/update.exe ~> XOR transformation required !!

64.html : http://blog.mxxxx.com/data/dh.exe

a.jpg : http://web.xxx.xx.cn:6xx8/Dxxn/xy/124.exe

index.html : http://88itj.3xx2.org:7xx8/1/kav.exe ~> server dead !!

banner.swf : http://xxxx.gaxxx5xx.cn/uusee.exe

6. VirusTotal !!

index.html : server dead !!

w.exe : server dead !!

dh.exe : server dead !!

kav.exe : server dead !!


7. Other findings and the NateOn malware of the 14th !!

NateOn malware : www.txxxxxdx.com

[VirusTotal]

vfkdls.exe : http://www.virustotal.com/file-scan/report.html?id=f8ca6896ff4fe3e993b717fb4a743ea0c49f02d8e36358adc037f391118e8186-1281941157

One other site found : http://1xx.xx.1x5.1xx/A.asp

Final file : http://www.koxxx3s.org/kxrxxxs/xxlxxdx/xxxxce/c.exe

[VirusTotal]

A.asp : http://www.virustotal.com/file-scan/report.html?id=572bd8a2184acd9d63ad348fd1ae552d692220fb30ee99bd70aac5bb5e4504b8-1281941241

c.exe : http://www.virustotal.com/file-scan/report.html?id=dd23b8482aa1b379623b1fe6636b5ca9001bc405736657a5d95ae4ba951e2e1d-1281941248

8. Vendors reported to and detection status !!

[AhnLab]

1. update.exe ~> under analysis
2. count.0tml ~> under analysis
3. R.asp ~> under analysis
4. banner.swf ~> under analysis
5. update.exe_Kwan ~> V3 : Win-Trojan/Xema.variant
6. uusee.exe ~> V3 : Packed/Upack
7. uusee.exe_Kwan ~> V3 : Packed/Upack
8. vfkdls.0xe ~> V3 : Dropper/Malware.97280.HJ(added : 2010.08.16.01)
9. r.exe ~> V3 : Win-Trojan/Downloader.113090(added : 2010.08.16.01)
10. yahoo.0s ~> V3 : JS/Exploit(added : 2010.08.13.04)
11. hcp.0tml ~> V3 : HTML/Exploit(added : 2010.08.13.04)
12. games.html ~> V3 : JS/Exploit(added : 2010.08.13.02)
13. 64.html ~> V3 : JS/Exploit(added : 2010.08.13.02)
14. s.0xe ~> V3 : Dropper/Malware.40960.GV(added : 2010.08.12.02)
15. ad.0tm ~> V3 : HTML/Downloader(added : 2010.08.12.01)
16. news.0tml ~> V3 : HTML/Agent(added : 2010.08.12.01)
17. A.0sp ~> V3 : JS/Exploit(added : 2010.08.10.06)
18. c.0xe ~> V3 : Dropper/Onlinegamehack.111642(added : 2010.08.09.01)
19. admin.exe ~> V3 : Win-Trojan/Onlinegamehack.55296.S(added : 2010.08.07.00)
20. click.asp ~> V3 : JS/Exploit(added : 2010.08.07.00)
21. a.jpg ~> V3 : VBS/Agent(added : 2010.08.06.03)
22. 124.exe ~> V3 : Win-Trojan/Agent.18420.C(added : 2010.08.06.01)

[ESTsoft]

All samples were added to the DB today !!

[Naver Vaccine]

Some samples have been added; the rest will all be added to the DB later !!
Note : samples are sent to Naver, ESTsoft and AhnLab.
For AhnLab I use the web report form; for ESTsoft and Naver I pass the samples to acquaintances and write this up
from the feedback I receive. Unlike with AhnLab I do not know the detection names, but I can tell that the samples have been added to the DB!

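9. Chit-chat and this week's helpers !!

It feels like a really long time since I last wrote a post~ I don't know why everything feels like such a chore these days !!
Still, I managed to collect quite a lot, so I hope it is at least a little helpful~
I used to write regularly, but after skipping a few weeks I have become so lazy that I just lurk.
School starts again soon, after that comes vacation, and after vacation the army?? Sob.....
Anyway!! Thank you to everyone who read to the end !!! Enjoy the rest of the summer and make the most of it~

This week's helpers : none !!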


posted by Kwan's 2010. 7. 27. 10:23

1. Sites !!
한국 X 스X츠 협회 : http://www.x-sxxxts.or.kr
씨X통 : http://www.cixxxxng.com
SSO XXX : http://sso.xxx.co.kr
씨X마 XXX : http://cixxma.xxx.co.kr

2. Distribution points !!

한국 X 스X츠 협회 , 씨X통 : http://2x8.xx.58.1x5/H.asp

SSO XXX : http://1x4.2xx.87.1xx/Login.asp

씨X마 XXX : http://junxxoxanix.nexxicient.co.kr/sub_logo1.jpg
                  http://junxxoxanix.nexxicient.co.kr/aad.jpg ~> downloads the final file !!
                  http://junxxoxanix.nexxicient.co.kr/aac.jpg
                  http://junxxoxanix.nexxicient.co.kr/aab.jpg

3. Other sites !!

1. http://wxxx.com

2. http://axurxxrpoxxtion.com/ccc.html

4. Final files !!

H.asp : http://lxxxxllxxtion.net/mxxl/coxx/pxxup/f.exe

Login.asp : http://1x1.xx.2x8.xx/fxx/723.exe

aad.jpg : http://junxxoxanix.nexxicient.co.kr/test0.exe

index.html : http://www.vxxx.com/vie.exe ~> XOR transformation is required !

ccc.html : http://axurxxrpoxxtion.com/report.exe

5. VirusTotal

6. AhnLab and ESTsoft detections !

ESTsoft : checking sample details !!

[AhnLab]

1. index.html ~> under analysis
2. vie.exe ~> under analysis
3. sub_logo1.jpg ~> under analysis
4. vie.exe_Kwan ~> under analysis
5. ccc.html ~> under analysis
6. H.asp V3 : JS/Downloader(added : 2010.07.26.02)
7. aad.jpg V3 : JS/Agent(added : 2010.07.26.02)
8. f.exe V3 : Win-Trojan/Onlinegamehack.109928(added : 2010.07.26.02)
9. test0.exe V3 : Win-Trojan/Malagent.55296(added : 2010.07.26.01)
10. 723.exe V3 : Win-Trojan/Pwstealer.55296.F(added : 2010.07.24.00)
11. Login.asp V3 : HTML/Downloader(added : 2010.07.24.00)
12. report.exe V3 : Win-Trojan/Downloader.148480.F(added : 2010.07.23.02)
13. aac.jpg V3 : JS/Exploit(added : 2010.07.19.00)
14. aab.jpg V3 : JS/Exploit(added : 2010.07.19.00)

This week again I only found distribution points. There seem to be hardly any new ones now !!
And I feel like I'm losing my touch again.

This week's helpers : none


  1. virusfree 2010.07.27 10:48

    Thank you for your hard work.^^

    • Kwan's 2010.07.27 10:51

      Thank you~ It's not much of a post, so thank you for the kind words! You must be having a hard time in this heat~

posted by Kwan's 2010. 7. 19. 19:57

1. Sites !!

리XX타 : http://www.revxxxxxar.net
한국 X 스X츠 협회 : http://www.x-sxxxts.or.kr
씨X통 : http://www.cixxxxng.com
SSO XXX : http://sso.xxx.co.kr
씨X마 XXX : http://cixxma.xxx.co.kr

2. Distribution points !!

리XX타 : there are many files, so I list only the ones that download the final file !!

http://www.cnxxxseed.xxx/templates/weentrue/root/ah1.js ~> downloads the final file !!
http://www.cnxxxseed.xxx/templates/weentrue/root/AHHS3.js ~> downloads the final file !!
http://www.cnxxxseed.xxx/templates/weentrue/root/n93.jpg ~> downloads the final file !!

한국 X 스X츠 협회 , 씨X통 : http://www.kxxx.info/mm.asp

SSO XXX : http://1x4.2xx.87.1xx/Login.asp

씨X마 XXX : http://imxxxx.xxx.co.kr/editor/uploads/popup.html
                  http://imxxxx.xxx.co.kr/editor/uploads/aad.js ~> downloads the final file !!
                  http://imxxxx.xxx.co.kr/editor/uploads/aac.js
                  http://imxxxx.xxx.co.kr/editor/uploads/aab.js

3. Final files

ah1.js , AHHS3.js , n93.jpg :  http://www.mixxxxxx.com/cxs/kr.exe

mm.asp : http://lxxxollxxxion.net/mxxl/coxx/poxxx/f.exe

Login.asp : http://1x1.xx.2x8.x1/xxp/ad.exe

aad.js : http://jxnggoxxxxxx.nexxxcient.co.kr/test0.exe 

4. VirusTotal results

5. Detections by the domestic vendors reported to !!

[ESTsoft]

Sample update complete; some samples still under analysis !!

[AhnLab]

1 AHHS3.js ~> malicious
2 xi.htm ~> V3 : JS/Agent(added : 2010.07.16.00)
3 a7.htm ~> V3 : JS/Agent(added : 2010.07.16.00)
4 xf.htm ~> V3 : JS/Agent(added : 2010.07.16.00)
5 nivea2.htm ~> V3 : JS/Zapchast(added : 2010.07.16.00)
6 nivea.htm ~> V3 : JS/Exploit(added : 2010.07.16.00)
7 n99.jpg ~> V3 : JS/Agent(added : 2010.07.16.00)
8 n97.jpg ~> V3 : JS/Agent(added : 2010.07.16.00)
9 n95.jpg ~> V3 : JS/Agent(added : 2010.07.16.00)
10 n93.jpg ~> V3 : JS/Agent(added : 2010.07.16.00)
11 ah1.js ~> V3 : JS/Exploit(added : 2010.07.16.00)
12 ah2.js ~> V3 : JS/Zapchast(added : 2010.07.16.00)
13 ah3.js ~> V3 : JS/Zapchast(added : 2010.07.16.00)
14 AHHS.js ~> V3 : JS/Agent(added : 2010.07.16.00)
15 AHHS2.js ~> V3 : JS/Agent(added : 2010.07.16.00)
16 f0.htm ~> V3 : JS/Agent(added : 2010.07.16.00)
17 ff.html ~> V3 : JS/Agent(added : 2010.07.16.00)
18 ff.js ~> V3 : JS/Agent(added : 2010.07.16.00)
19 ie.html ~> V3 : JS/Agent(added : 2010.07.16.00)
20 ie.js ~> V3 : JS/Agent(added : 2010.07.16.00)
21 kr.exe ~> V3 : Dropper/Muldrop.49944(added : 2010.07.16.00)
22 n90.jpg ~> V3 : JS/Exploit(added : 2010.07.16.00)
23 a6.htm ~> V3 : JS/Agent(added : 2010.07.07.00)
24 fice.htm ~> V3 : JS/Agent(added : 2010.07.07.00)
25 ah0.js ~> V3 : JS/Exploit(added : 2010.07.06.02)
26 ecfl.htm ~> clean
27 top.html ~> clean
28 max.gif ~> clean
29 swfobject.js ~> clean
30 snow.htm ~> clean
31 ad.exe ~> under analysis
32 test0.exe ~> V3 : Win-Trojan/Injection.5748(added : 2010.07.19.01)
33 aad.js ~> V3 : JS/Exploit(added : 2010.07.19.00)
34 Login.asp ~> V3 : JS/Exploit(added : 2010.07.19.00)
35 mm.asp ~> V3 : JS/Exploit(added : 2010.07.19.00)
36 popup.html ~> V3 : JS/Exploit(added : 2010.07.19.00)
37 aac.js ~> V3 : JS/Exploit(added : 2010.07.19.00)
38 aab.js ~> V3 : JS/Exploit(added : 2010.07.19.00)
39 f.exe ~> V3 : Win-Trojan/Onlinegamehack.109247(added : 2010.07.19.00)

Other notes : aad.js and aac.js are currently detected only by AhnLab !!

Today is already Chobok (the first of the dog days) !! Has everyone had their chicken?? I polished off a bowl of samgyetang this morning!
This week I found only 5 sites. The number seems to be gradually shrinking again.
Anyway, cafe members, take care in this heat and have a pleasant day!!
For later detection status, please see the comments !!


posted by Kwan's 2010. 7. 12. 12:58

1. Sites !!

큐x텔 : http://www.cxxxxtel.com/html

보안xx : http://www.bxxx.com

세x즌 : http://www.cxxxzen.com

한국 x xxx 협회 : http://www.x-xxxrts.or.kr

게xx임 : http://www.gaxxxxme.co.kr/main.asp

플xx 3x5 : http://fxxxx3x5.korea.com

메xx서울 : http://www.mxxxxseoul.co.kr

2. Distribution points !!

큐x텔 : http://1xx.4x.1x9.2xx/css/Lib.asp

보안xx : http://58xxx.com/js.js
            http://58xxx.com/ad.htm
            http://58xxx.com/top.jpg ~> downloads the final file !!
            http://58xxx.com/cook.jpg
            http://58xxx.com/cook1.jpg
            http://58xxx.com/root.jpg

세x즌 : http://study.xxxx.or.kr/comm/hong/x.jpg
          http://study.xxxx.or.kr/comm/hong/a.jpg ~> downloads the final file !!
          http://study.xxxx.or.kr/comm/hong/b.jpg
          http://study.xxxx.or.kr/comm/hong/c.jpg
          http://study.xxxx.or.kr/comm/hong/d.jpg
          http://study.xxxx.or.kr/comm/hong/i7.htm ~> downloads the final file !!

한국 x xxx 협회 : http://1xx.4x.1x0.1xx/poll/k.asp

게xx임 : http://37xxx.com/0709.htm

플xx 3x5 : http://image.cixxxx.com/cixx21/xxxicle/2xxx/1231/K0000002_iel48406.html?컵켱 ~> downloads the final file !!
              http://image.cixxxx.com/cixx21/xxxicle/2004/1231/K0000002_cul48407.html?耭쯩딩 ~> downloads the final file !!

메xx서울 : http://ac.gexxxr.com/x/time.asp

3. Other sites !!

1. http://gft54577.xxxx.org:xx77/m/index.html ~> http://gft54577.3xx2.org:6677/x/index.html tampered !!

2. http://cxx2.xxxx.org:88/xo/xi05.htm ~> http://cpm2.XX66.org:88/Xo/Xi05.htm : JS:CVE-2010-0806-AK

4. Final files !!

Lip.asp , k.asp :  http://61.1X0.1.XX/css/isa.exe 

top.jpg : http://58XXX.com/tt.exe 

a.jpg , i7.htm : http://www.gXXXc.or.kr/html/gg.exe

0709.htm : http://XXXc1.com/0709.exe ~> XOR transformation required !!

K0000002_iel48406.html?컵켱 : http://2X2.2XX.XX.243/db/update/update.exe ~> XOR transformation required !!

timp.asp : http://www.roXXX1X4.com/cXXX/hXXp/box.exe

index.html : http://XXsifyanfka700.XXXX.org:6677/m/mtv.mdb

xi05.htm : http://XXX.ses99s.cn:XX/x5.exe

5. VirusTotal results !!

Samples reported to : ESTsoft , AhnLab

[ESTsoft]

Samples sent; update expected soon !!

[AhnLab]

1. 0709.exe ~> under analysis
2. 0709.htm ~> under analysis
3. update.exe ~> under analysis
4. tt.exe ~> malicious
5. top.jpg ~> malicious
6. root.jpg ~> malicious
7. 3964750.js ~> malicious
8. a.jpg ~> under analysis
9. ad.htm ~> malicious
10. cc.jpg ~> under analysis
11. cook.jpg ~> malicious
12. cook1.jpg ~> malicious
13. gg.exe ~> under analysis
14. i7.htm ~> under analysis
15. isa.exe ~> under analysis
16. K0000002_iel48406.html ~> under analysis
17. x5.exe ~> V3 : Packed/Upack
18. box.exe ~> V3 : Win-Trojan/Magania.55296.N(added : 2010.07.09.05)
19. xi05.htm ~> V3 : HTML/Agent(added : 2010.07.09.00)
20. mtv.mdb ~> V3 : Win-Trojan/Downloader.43388(added : 2010.07.08.00)
21. k.asp ~> V3 : JS/Downloader(added : 2010.04.23.02)

This week the monitoring paid off a little. Now that I have a notepad of distribution points I have collected, I can find most of them
easily !! Not that I have found all that many yet !! I should share it before I leave for the army later! I don't need to search, so it's quite convenient for me!! Still, it is far from complete, so please help out a lot!!! Have a pleasant and relaxing week!!!

This week's helpers : none !!


  1. Kwan's 2010.07.12 17:58

    1 x5.exe ~> V3 : Packed/Upack
    2 update.exexx ~> V3 : Win-Trojan/Onlinegamehack.55296.I(added : 2010.07.12.00)
    3 0709.exexx ~> V3 : Win-Trojan/Buzus.81920.DT(added : 2010.07.12.00)
    4 tt.exe ~> V3 : Win-Trojan/Onlinegamehack.81920.AZ(added : 2010.07.12.00)
    5 top.jpg ~> V3 : JS/Exploit(added : 2010.07.12.00)
    6 root.jpg ~> V3 : JS/Agent(added : 2010.07.12.00)
    7 K0000002_iel48406.html ~> V3 : JS/Exploit(added : 2010.07.12.00)
    8 isa.exe ~> V3 : Win-Trojan/Agent.55296.IE(added : 2010.07.12.00)
    9 gg.exe ~> V3 : Win-Trojan/Buzus.120320.Y(added : 2010.07.12.00)
    10 3964750.js ~> V3 : JS/Downloader(added : 2010.07.12.00)
    11 a.jpg ~> V3 : JS/Agent(added : 2010.07.12.00)
    12 ad.htm ~> V3 : JS/Exploit(added : 2010.07.12.00)
    13 cook.jpg ~> V3 : JS/Agent(added : 2010.07.12.00)
    14 cook1.jpg ~> V3 : JS/Agent(added : 2010.07.12.00)
    15 box.exe ~> V3 : Win-Trojan/Magania.55296.N(added : 2010.07.09.05)
    16 xi05.htm ~> V3 : HTML/Agent(added : 2010.07.09.00)
    17 mtv.mdb ~> V3 : Win-Trojan/Downloader.43388(added : 2010.07.08.00)
    18 k.asp ~> V3 : JS/Downloader(added : 2010.04.23.02)
    19 cc.jpg ~> clean
    20 i7.htm ~> clean
    21 0709.htm ~> clean

posted by Kwan's 2010. 5. 17. 12:26

1. Sites

Korea e-Sports Association : http://www.xrogamer.or.kr
Daemyung Resort : http://www.xaemyungresort.com/asp/main.asp0
Pruna : http://www.xruna.com
Pruna Search : http://vxd.xruna.com/search/search_list3.asp0
CJ Entertainment : http://www.xjent.co.kr
SSO KBS : http://sso.xbs.co.kr
Cinema Kbs : http://xnema.kbs.co.kr
Cinetong : http://www.xnetong.com
Gametime : http://www.xametime.co.kr/main.asp
 
2. Distribution sites

1. Korea e-Sports Association
http://61.100.9.219/club/xod.asp  ~> server alive!
http://61.100.7.171/css/xib.asp ~> server dead!
http://97.xx.8x.1x8/xM.asp ~> server alive!

2. Daemyung Resort
http://61.100.9.219/club/xod.asp ~> server alive!

3. Pruna
http://61.100.9.219/club/xod.asp  ~> server alive!

4. Pruna Search
http://vxd.xruna.com/search/xearch_list3.asp ~> server alive!

5. CJ Entertainment
http://61.100.7.171/css/xib.asp ~> server dead!
http://ac.gemmir.com/t/xime.asp ~> server dead!

6. SSO KBS
http://202.133.245.100/xxam.asp ~> server alive!

7. Cinema Kbs
http://220.95.233.16/ads/xime.asp ~> server dead!

8. Cinetong
http://97.74.87.198/xM.asp ~> server alive!
http://www.kpma.or.kr/css/MG.asp0 ~> server alive!

9. Gametime

http://adsys.gametime.co.kr/include/topbenner_s2.asp ~> server alive!
http://koreachangup.chosun.com/css/ads.asp ~> server alive!

Final files :

god.asp , lib.asp : http://x1.100.1.93/css/isa.exe ~> server alive!

time.asp : http://www.xobot114.com/cafe/help/box.exe ~> server alive!

GM.asp , MG.asp : http://x1.100.1.93/admin/G.exe ~> server alive!

sxxxxh_xxx3.asp : http://xile.ygfamily.com/php/i./c.exe ~> server alive!

exam.asp : http://xwww.erounmall.com/cache/tmp/514.exe ~> server alive!

ads.asp : http://xoreachangup.chosun.com/1.exe ~> server alive! (XOR transformation required)

[VirusTotal]

File scanned: god.asp, submitted: 2010.05.17 01:17:28 (UTC)
File scanned: GM.asp, submitted: 2010.05.17 01:17:38 (UTC)
File scanned: god.asp, submitted: 2010.05.17 01:17:46 (UTC)
File scanned: sxxxxh_xxx3.asp, submitted: 2010.05.17 01:21:27 (UTC)
File scanned: time.asp, submitted: 2010.05.17 01:21:37 (UTC)
File scanned: exam.asp, submitted: 2010.05.17 01:22:03 (UTC)
안티바이러스 엔진 버전 정의 날짜 검사 결과
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.16.00 2010.05.15 -
AntiVir 8.2.1.242 2010.05.16 -
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.16 -
Avast 4.8.1351.0 2010.05.16 JS:Downloader-QJ
Avast5 5.0.332.0 2010.05.16 JS:Downloader-QJ
AVG 9.0.0.787 2010.05.16 Script/Exploit
BitDefender 7.2 2010.05.17 -
CAT-QuickHeal 10.00 2010.05.15 -
ClamAV 0.96.0.3-git 2010.05.16 -
Comodo 4859 2010.05.16 -
DrWeb 5.0.2.03300 2010.05.17 -
eSafe 7.0.17.0 2010.05.16 -
eTrust-Vet 35.2.7490 2010.05.15 -
F-Prot 4.5.1.85 2010.05.16 JS/Crypted.GA.gen
F-Secure 9.0.15370.0 2010.05.17 -
Fortinet 4.1.133.0 2010.05.16 -
GData 21 2010.05.17 JS:Downloader-QJ
Ikarus T3.1.1.84.0 2010.05.17 -
Jiangmin 13.0.900 2010.05.16 -
Kaspersky 7.0.0.125 2010.05.17 -
McAfee 5.400.0.1158 2010.05.17 -
McAfee-GW-Edition 2010.1 2010.05.16 Heuristic.BehavesLike.JS.Exploit.A
Microsoft 1.5703 2010.05.17 -
NOD32 5119 2010.05.17 -
Norman 6.04.12 2010.05.16 -
nProtect 2010-05-16.01 2010.05.16 -
Panda 10.0.2.7 2010.05.16 -
PCTools 7.0.3.5 2010.05.17 -
Rising 22.47.06.04 2010.05.16 Trojan.DL.Script.JS.Agent.qx
Sophos 4.53.0 2010.05.17 -
Sunbelt 6311 2010.05.17 -
Symantec 20101.1.0.89 2010.05.17 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.17 -
VBA32 3.12.12.5 2010.05.14 -
ViRobot 2010.5.15.2318 2010.05.16 -
VirusBuster 5.0.27.0 2010.05.16 -
 
Additional information
File size: 5902 bytes
MD5...: 8ec3cab47c3e8d7268c24c6f38badb0d
SHA1..: 183e038cac1869814347d31235b804a42d99de0b
SHA256: fe879654e5f88fbedf9d0379dc3860f94b9bdc1e1e9ffd11ed7d7ec3373a2bd1
Scanned file: MG.asp, submitted: 2010.05.17 01:25:30 (UTC)
Antivirus | Engine version | Definition date | Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.16.00 2010.05.15 -
AntiVir 8.2.1.242 2010.05.16 HTML/Crypted.Gen
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.16 -
Avast 4.8.1351.0 2010.05.16 JS:Downloader-RN
Avast5 5.0.332.0 2010.05.16 JS:Downloader-RN
AVG 9.0.0.787 2010.05.16 Script/Exploit
BitDefender 7.2 2010.05.17 -
CAT-QuickHeal 10.00 2010.05.15 -
ClamAV 0.96.0.3-git 2010.05.16 -
Comodo 4859 2010.05.16 -
DrWeb 5.0.2.03300 2010.05.17 -
eSafe 7.0.17.0 2010.05.16 -
eTrust-Vet 35.2.7490 2010.05.15 -
F-Prot 4.5.1.85 2010.05.16 JS/Crypted.GA.gen
F-Secure 9.0.15370.0 2010.05.17 -
Fortinet 4.1.133.0 2010.05.16 -
GData 21 2010.05.17 JS:Downloader-RN
Ikarus T3.1.1.84.0 2010.05.17 -
Jiangmin 13.0.900 2010.05.16 -
Kaspersky 7.0.0.125 2010.05.17 -
McAfee 5.400.0.1158 2010.05.17 -
McAfee-GW-Edition 2010.1 2010.05.16 Heuristic.BehavesLike.JS.Exploit.A
Microsoft 1.5703 2010.05.17 -
NOD32 5119 2010.05.17 -
Norman 6.04.12 2010.05.16 -
nProtect 2010-05-16.01 2010.05.16 -
Panda 10.0.2.7 2010.05.16 -
PCTools 7.0.3.5 2010.05.17 -
Prevx 3.0 2010.05.17 -
Rising 22.47.06.04 2010.05.16 Trojan.DL.Script.JS.Agent.qx
Sophos 4.53.0 2010.05.17 -
Sunbelt 6311 2010.05.17 -
Symantec 20101.1.0.89 2010.05.17 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.17 -
VBA32 3.12.12.5 2010.05.14 -
ViRobot 2010.5.15.2318 2010.05.16 -
VirusBuster 5.0.27.0 2010.05.16 -
 
Additional information
File size: 5869 bytes
MD5...: fe08120c7b461c030a8921173eecb022
SHA1..: fa2d931502a0a67e30564c7124053784f9566fc6
SHA256: 5dd43a0b8584668a66861b6e3c89ddf3c12a6d3f8f1d6796921e5c332abe7ee4
Scanned file: ads.asp, submitted: 2010.05.17 01:25:24 (UTC)
Antivirus | Engine version | Definition date | Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.16.00 2010.05.15 -
AntiVir 8.2.1.242 2010.05.16 JS/Redirector.5946
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.16 -
Avast 4.8.1351.0 2010.05.16 JS:CVE-2010-0806-AF
Avast5 5.0.332.0 2010.05.16 JS:CVE-2010-0806-AF
AVG 9.0.0.787 2010.05.16 -
BitDefender 7.2 2010.05.17 -
CAT-QuickHeal 10.00 2010.05.15 -
ClamAV 0.96.0.3-git 2010.05.16 JS.Exploit-3
Comodo 4859 2010.05.16 -
DrWeb 5.0.2.03300 2010.05.17 -
eSafe 7.0.17.0 2010.05.16 -
eTrust-Vet 35.2.7490 2010.05.15 -
F-Prot 4.5.1.85 2010.05.16 -
F-Secure 9.0.15370.0 2010.05.17 -
Fortinet 4.1.133.0 2010.05.16 -
GData 21 2010.05.17 JS:CVE-2010-0806-AF
Ikarus T3.1.1.84.0 2010.05.17 -
Jiangmin 13.0.900 2010.05.16 -
Kaspersky 7.0.0.125 2010.05.17 Trojan.JS.Agent.blf
McAfee 5.400.0.1158 2010.05.17 -
McAfee-GW-Edition 2010.1 2010.05.16 Heuristic.BehavesLike.JS.BufferOverflow.D
Microsoft 1.5703 2010.05.17 -
NOD32 5119 2010.05.17 -
Norman 6.04.12 2010.05.16 JS/Exploit.DR
nProtect 2010-05-16.01 2010.05.16 -
Panda 10.0.2.7 2010.05.16 -
PCTools 7.0.3.5 2010.05.17 -
Prevx 3.0 2010.05.17 -
Rising 22.47.06.04 2010.05.16 -
Sophos 4.53.0 2010.05.17 -
Sunbelt 6311 2010.05.17 -
Symantec 20101.1.0.89 2010.05.17 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.17 -
VBA32 3.12.12.5 2010.05.14 -
ViRobot 2010.5.15.2318 2010.05.16 -
VirusBuster 5.0.27.0 2010.05.16 -
 
Additional information
File size: 5954 bytes
MD5...: edadff7a5a455341a877f142d8e95474
SHA1..: 1d004d5eb69bf04d39273fd4e4412e7075f612cf
SHA256: 59424da373e7496ded9b6237ba25eb6165557e950c5b7d5ee0dbba9616ef7cf9
Scanned file: isa.exe, submitted: 2010.05.17 01:27:47 (UTC)
Antivirus | Engine version | Definition date | Result
a-squared 4.5.0.50 2010.05.10 Trojan.Peed!IK
AhnLab-V3 2010.05.16.00 2010.05.15 Malware/Win32.Heur.h4
AntiVir 8.2.1.242 2010.05.16 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.16 -
Avast 4.8.1351.0 2010.05.16 Win32:Malware-gen
Avast5 5.0.332.0 2010.05.16 Win32:Malware-gen
AVG 9.0.0.787 2010.05.16 Generic17.CAMN
BitDefender 7.2 2010.05.17 Trojan.Peed.Gen
CAT-QuickHeal 10.00 2010.05.15 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.05.16 -
Comodo 4859 2010.05.16 -
DrWeb 5.0.2.03300 2010.05.17 -
eSafe 7.0.17.0 2010.05.16 -
eTrust-Vet 35.2.7490 2010.05.15 -
F-Prot 4.5.1.85 2010.05.16 -
F-Secure 9.0.15370.0 2010.05.17 Trojan.Peed.Gen
Fortinet 4.1.133.0 2010.05.16 -
GData 21 2010.05.17 Trojan.Peed.Gen
Ikarus T3.1.1.84.0 2010.05.17 Win32.SuspectCrc
Jiangmin 13.0.900 2010.05.16 -
Kaspersky 7.0.0.125 2010.05.17 Trojan.Win32.Pincav.aaci
McAfee 5.400.0.1158 2010.05.17 PWS-Mmorpg!pd
McAfee-GW-Edition 2010.1 2010.05.16 Heuristic.LooksLike.Heuristic.BehavesLike.Win32.Downloader.B
Microsoft 1.5703 2010.05.17 Trojan:Win32/Malagent
NOD32 5119 2010.05.17 a variant of Win32/Kryptik.DXI
Norman 6.04.12 2010.05.16 -
nProtect 2010-05-16.01 2010.05.16 Trojan.Peed.Gen
Panda 10.0.2.7 2010.05.16 Trj/CI.A
PCTools 7.0.3.5 2010.05.17 -
Rising 22.47.06.04 2010.05.16 Packer.Win32.UnkPacker.b
Sophos 4.53.0 2010.05.17 Sus/UnkPack-C
Sunbelt 6311 2010.05.17 Trojan.Win32.Generic!BT
Symantec 20101.1.0.89 2010.05.17 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.16 PAK_Generic.001
TrendMicro-HouseCall 9.120.0.1004 2010.05.17 -
VBA32 3.12.12.5 2010.05.14 Malware-Dropper.Win32.Inject.gen
ViRobot 2010.5.15.2318 2010.05.16 -
VirusBuster 5.0.27.0 2010.05.16 -
 
Additional information
File size: 53248 bytes
MD5...: fd71b8a61f60869bd7ed144a685d8f0c
SHA1..: 5c8245ef4222b4d6b89327ac6c03103e83ea4d96
SHA256: 935ad48441eeedcf7e25289b25e1414e9854593ae88c7fe099f22f8b25172a01
Scanned file: box.exe, submitted: 2010.05.17 01:27:57 (UTC)
Antivirus | Engine version | Definition date | Result
a-squared 4.5.0.50 2010.05.10 Trojan.Peed!IK
AhnLab-V3 2010.05.16.00 2010.05.15 Malware/Win32.Heur.h4
AntiVir 8.2.1.242 2010.05.16 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.16 -
Avast 4.8.1351.0 2010.05.16 Win32:Malware-gen
Avast5 5.0.332.0 2010.05.16 Win32:Malware-gen
AVG 9.0.0.787 2010.05.16 Generic17.CAGA
BitDefender 7.2 2010.05.17 Trojan.Peed.Gen
CAT-QuickHeal 10.00 2010.05.15 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.05.16 -
Comodo 4859 2010.05.16 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.05.17 Trojan.Siggen1.29725
eSafe 7.0.17.0 2010.05.16 -
eTrust-Vet 35.2.7490 2010.05.15 -
F-Prot 4.5.1.85 2010.05.16 -
F-Secure 9.0.15370.0 2010.05.17 Trojan.Peed.Gen
Fortinet 4.1.133.0 2010.05.16 -
GData 21 2010.05.17 Trojan.Peed.Gen
Ikarus T3.1.1.84.0 2010.05.17 Trojan.Peed
Jiangmin 13.0.900 2010.05.16 Trojan/Pincav.eta
Kaspersky 7.0.0.125 2010.05.17 Trojan.Win32.Pincav.aabq
McAfee 5.400.0.1158 2010.05.17 PWS-LDPinch!dv
McAfee-GW-Edition 2010.1 2010.05.16 Heuristic.LooksLike.Heuristic.BehavesLike.Win32.Downloader.B
Microsoft 1.5703 2010.05.17 Trojan:Win32/Malagent
NOD32 5119 2010.05.17 a variant of Win32/Kryptik.DXI
Norman 6.04.12 2010.05.16 -
nProtect 2010-05-16.01 2010.05.16 Trojan.Peed.Gen
Panda 10.0.2.7 2010.05.16 Trj/CI.A
PCTools 7.0.3.5 2010.05.17 -
Rising 22.47.06.04 2010.05.16 Trojan.Win32.Generic.5204A82F
Sophos 4.53.0 2010.05.17 Sus/UnkPack-C
Sunbelt 6311 2010.05.17 Trojan.Win32.Generic!BT
Symantec 20101.1.0.89 2010.05.17 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.16 PAK_Generic.001
TrendMicro-HouseCall 9.120.0.1004 2010.05.17 -
VBA32 3.12.12.5 2010.05.14 Malware-Dropper.Win32.Inject.gen
ViRobot 2010.5.15.2318 2010.05.16 -
VirusBuster 5.0.27.0 2010.05.16 -
 
Additional information
File size: 53248 bytes
MD5...: a30fc2768e75f68ef44343f08fd15b47
SHA1..: 889dfa9a43afc7c9bc518e11689753b71f2d4c24
SHA256: 8d05acf3084cf9c8118dd1f33cd3fecae66c276b8121004432c8d262f1faa239
Scanned file: G.exe, submitted: 2010.05.17 01:28:08 (UTC)
Antivirus | Engine version | Definition date | Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.16.00 2010.05.15 Dropper/Killav.104032
AntiVir 8.2.1.242 2010.05.16 -
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.16 W32/OnlineGames.DV.gen!Eldorado
Avast 4.8.1351.0 2010.05.16 Win32:Trojan-gen
Avast5 5.0.332.0 2010.05.16 Win32:Trojan-gen
AVG 9.0.0.787 2010.05.16 Dropper.Generic2.JMD
BitDefender 7.2 2010.05.17 -
CAT-QuickHeal 10.00 2010.05.15 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.05.16 -
Comodo 4859 2010.05.16 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.05.17 Trojan.PWS.Gamania.24318
eSafe 7.0.17.0 2010.05.16 Suspicious File
eTrust-Vet 35.2.7490 2010.05.15 -
F-Prot 4.5.1.85 2010.05.16 W32/OnlineGames.DV.gen!Eldorado
F-Secure 9.0.15370.0 2010.05.17 -
Fortinet 4.1.133.0 2010.05.16 -
GData 21 2010.05.17 Win32:Trojan-gen
Ikarus T3.1.1.84.0 2010.05.17 -
Jiangmin 13.0.900 2010.05.16 -
Kaspersky 7.0.0.125 2010.05.17 -
McAfee 5.400.0.1158 2010.05.17 -
McAfee-GW-Edition 2010.1 2010.05.16 Heuristic.LooksLike.Win32.SuspiciousPE.F
Microsoft 1.5703 2010.05.17 TrojanDropper:Win32/Frethog.K
NOD32 5119 2010.05.17 -
Norman 6.04.12 2010.05.16 -
nProtect 2010-05-16.01 2010.05.16 -
Panda 10.0.2.7 2010.05.16 Suspicious file
PCTools 7.0.3.5 2010.05.17 -
Prevx 3.0 2010.05.17 -
Rising 22.47.06.04 2010.05.16 Trojan.Win32.Generic.5204B340
Sophos 4.53.0 2010.05.17 Mal/EncPk-OD
Sunbelt 6311 2010.05.17 Trojan.Win32.Generic!BT
Symantec 20101.1.0.89 2010.05.17 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.16 Cryp_ACProt
TrendMicro-HouseCall 9.120.0.1004 2010.05.17 Cryp_ACProt
VBA32 3.12.12.5 2010.05.14 -
ViRobot 2010.5.15.2318 2010.05.16 -
VirusBuster 5.0.27.0 2010.05.16 -
 
Additional information
File size: 104032 bytes
MD5...: 00420ede432ed70c6e0afecff02b9c36
SHA1..: 52f25ee55a23853d709641bf71574834c48ce311
SHA256: 1a0fc735eb5da8c91cdfd27643282d88689741d66d54cc617def08c4d1a10501
Scanned file: c.exe, submitted: 2010.05.17 01:30:15 (UTC)
Antivirus | Engine version | Definition date | Result
a-squared 4.5.0.50 2010.05.10 Trojan.Peed!IK
AhnLab-V3 2010.05.16.00 2010.05.15 Malware/Win32.Heur.h4
AntiVir 8.2.1.242 2010.05.16 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.16 -
Avast 4.8.1351.0 2010.05.16 Win32:Malware-gen
Avast5 5.0.332.0 2010.05.16 Win32:Malware-gen
AVG 9.0.0.787 2010.05.16 Generic17.CAGA
BitDefender 7.2 2010.05.17 Trojan.Peed.Gen
CAT-QuickHeal 10.00 2010.05.15 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.05.16 -
Comodo 4859 2010.05.16 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.05.17 Trojan.Siggen1.29725
eSafe 7.0.17.0 2010.05.16 -
eTrust-Vet 35.2.7490 2010.05.15 -
F-Prot 4.5.1.85 2010.05.16 -
F-Secure 9.0.15370.0 2010.05.17 Trojan.Peed.Gen
Fortinet 4.1.133.0 2010.05.16 -
GData 21 2010.05.17 Trojan.Peed.Gen
Ikarus T3.1.1.84.0 2010.05.17 Trojan.Peed
Jiangmin 13.0.900 2010.05.16 Trojan/Pincav.eta
Kaspersky 7.0.0.125 2010.05.17 Trojan.Win32.Pincav.aabq
McAfee 5.400.0.1158 2010.05.17 PWS-LDPinch!dv
McAfee-GW-Edition 2010.1 2010.05.16 Heuristic.LooksLike.Heuristic.BehavesLike.Win32.Downloader.B
Microsoft 1.5703 2010.05.17 Trojan:Win32/Malagent
NOD32 5119 2010.05.17 a variant of Win32/Kryptik.DXI
Norman 6.04.12 2010.05.16 -
nProtect 2010-05-16.01 2010.05.16 Trojan.Peed.Gen
Panda 10.0.2.7 2010.05.16 Trj/CI.A
PCTools 7.0.3.5 2010.05.17 -
Prevx 3.0 2010.05.17 High Risk Cloaked Malware
Rising 22.47.06.04 2010.05.16 Trojan.Win32.Generic.5204A82F
Sophos 4.53.0 2010.05.17 Sus/UnkPack-C
Sunbelt 6311 2010.05.17 Trojan.Win32.Generic!BT
Symantec 20101.1.0.89 2010.05.17 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.16 PAK_Generic.001
TrendMicro-HouseCall 9.120.0.1004 2010.05.17 -
VBA32 3.12.12.5 2010.05.14 Malware-Dropper.Win32.Inject.gen
ViRobot 2010.5.15.2318 2010.05.16 -
VirusBuster 5.0.27.0 2010.05.16 -
 
Additional information
File size: 53248 bytes
MD5...: a30fc2768e75f68ef44343f08fd15b47
SHA1..: 889dfa9a43afc7c9bc518e11689753b71f2d4c24
SHA256: 8d05acf3084cf9c8118dd1f33cd3fecae66c276b8121004432c8d262f1faa239
Scanned file: 514.exe, submitted: 2010.05.17 01:30:20 (UTC)
Antivirus | Engine version | Definition date | Result
a-squared 4.5.0.50 2010.05.10 Trojan.Peed!IK
AhnLab-V3 2010.05.16.00 2010.05.15 Malware/Win32.Heur.h4
AntiVir 8.2.1.242 2010.05.16 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.16 -
Avast 4.8.1351.0 2010.05.16 Win32:Malware-gen
Avast5 5.0.332.0 2010.05.16 Win32:Malware-gen
AVG 9.0.0.787 2010.05.16 Generic17.CAMR
BitDefender 7.2 2010.05.17 Trojan.Peed.Gen
CAT-QuickHeal 10.00 2010.05.15 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.05.16 -
Comodo 4859 2010.05.16 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.05.17 -
eSafe 7.0.17.0 2010.05.16 -
eTrust-Vet 35.2.7490 2010.05.15 -
F-Prot 4.5.1.85 2010.05.16 -
F-Secure 9.0.15370.0 2010.05.17 Trojan.Peed.Gen
Fortinet 4.1.133.0 2010.05.16 -
GData 21 2010.05.17 Trojan.Peed.Gen
Ikarus T3.1.1.84.0 2010.05.17 Trojan.Peed
Jiangmin 13.0.900 2010.05.16 -
Kaspersky 7.0.0.125 2010.05.17 Trojan.Win32.Pincav.aack
McAfee 5.400.0.1158 2010.05.17 PWS-Mmorpg!pd
McAfee-GW-Edition 2010.1 2010.05.16 Heuristic.LooksLike.Heuristic.BehavesLike.Win32.Downloader.B
Microsoft 1.5703 2010.05.17 Trojan:Win32/Malagent
NOD32 5119 2010.05.17 a variant of Win32/Kryptik.DXI
Norman 6.04.12 2010.05.16 -
nProtect 2010-05-16.01 2010.05.16 Trojan.Peed.Gen
Panda 10.0.2.7 2010.05.16 Trj/CI.A
PCTools 7.0.3.5 2010.05.17 -
Prevx 3.0 2010.05.17 High Risk Cloaked Malware
Rising 22.47.06.04 2010.05.16 Trojan.Win32.Generic.5204B11E
Sophos 4.53.0 2010.05.17 Sus/UnkPack-C
Sunbelt 6311 2010.05.17 Trojan.Win32.Generic!BT
Symantec 20101.1.0.89 2010.05.17 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.16 PAK_Generic.001
TrendMicro-HouseCall 9.120.0.1004 2010.05.17 -
VBA32 3.12.12.5 2010.05.14 Malware-Dropper.Win32.Inject.gen
ViRobot 2010.5.15.2318 2010.05.16 -
VirusBuster 5.0.27.0 2010.05.16 -
 
Additional information
File size: 53248 bytes
MD5...: 7a605076c916dbe48c3e4dd67411a643
SHA1..: f64ee054a392de9e98f3f8b22fe7d5c39e18bc37
SHA256: 4b9a72252ab86d78c804287400ddff1e0b31c7de5b8b6c523d2953856f844dd0
Scanned file: 1.exe_xor, submitted: 2010.05.17 01:32:39 (UTC)
Antivirus | Engine version | Definition date | Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.16.00 2010.05.15 ASD.Prevention
AntiVir 8.2.1.242 2010.05.16 TR/Downloader.Gen
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.16 -
Avast 4.8.1351.0 2010.05.16 Win32:Rootkit-gen
Avast5 5.0.332.0 2010.05.16 Win32:Rootkit-gen
AVG 9.0.0.787 2010.05.16 Win32/PEPatch.BM
BitDefender 7.2 2010.05.17 Generic.Malware.FBg.5DCBA1EB
CAT-QuickHeal 10.00 2010.05.15 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.05.16 -
Comodo 4859 2010.05.16 -
DrWeb 5.0.2.03300 2010.05.17 Trojan.PWS.Wsgame.20571
eSafe 7.0.17.0 2010.05.16 Suspicious File
eTrust-Vet 35.2.7490 2010.05.15 -
F-Prot 4.5.1.85 2010.05.16 -
F-Secure 9.0.15370.0 2010.05.17 Generic.Malware.FBg.5DCBA1EB
Fortinet 4.1.133.0 2010.05.16 -
GData 21 2010.05.17 Win32:Rootkit-gen
Ikarus T3.1.1.84.0 2010.05.17 Win32.SuspectCrc
Jiangmin 13.0.900 2010.05.16 -
Kaspersky 7.0.0.125 2010.05.17 -
McAfee 5.400.0.1158 2010.05.17 Suspect-02!4C073148EB0A
McAfee-GW-Edition 2010.1 2010.05.16 Artemis!4C073148EB0A
Microsoft 1.5703 2010.05.17 Trojan:Win32/Meredrop
NOD32 5119 2010.05.17 -
Norman 6.04.12 2010.05.16 -
nProtect 2010-05-16.01 2010.05.16 -
Panda 10.0.2.7 2010.05.16 Suspicious file
PCTools 7.0.3.5 2010.05.17 -
Prevx 3.0 2010.05.17 -
Rising 22.47.06.04 2010.05.16 -
Sophos 4.53.0 2010.05.17 Mal/Behav-112
Sunbelt 6311 2010.05.17 -
Symantec 20101.1.0.89 2010.05.17 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.16 PAK_Generic.001
TrendMicro-HouseCall 9.120.0.1004 2010.05.17 -
VBA32 3.12.12.5 2010.05.14 Malware-Cryptor.Win32.Krap
ViRobot 2010.5.15.2318 2010.05.16 -
VirusBuster 5.0.27.0 2010.05.16 -
 
Additional information
File size: 20480 bytes
MD5...: 4c073148eb0ada6ca31e43816d1d402c
SHA1..: c02449696c974ddde708f3e7afc1c573380e99c5
SHA256: 4ec7b8fa64f0cffa559c0f765816f99426bb5f6b1f8341d87e01b5439afed77f

Related post : Pruna Movie Search is distributing malware !!


posted by Kwan's 2010. 5. 11. 22:22

1. Sites

Korea e-Sports Association : http://www.e-sports.or.kr
Daemyung Resort : http://www.daemyungresort.com/asp/main.asp
Pruna : http://www.pruna.com
CJ Entertainment : http://www.cjent.co.kr
KBS : http://sso.kbs.co.kr
Joara : http://www.joara.com/main.html
Zuzunza.com : http://zuzunza.joins.com

2. Distribution sites

1. Korea e-Sports Association
http://211.218.126.144/css/top.asp ~> server down! (V3 : JS/Downloader, added : 2010.04.23.02)
http://61.100.7.171/css/lib.asp ~> server down! (V3 : JS/Downloader, added : 2010.04.23.02)

2. Daemyung Resort
http://61.100.7.171/css/lib.asp ~> server down! (V3 : JS/Downloader, added : 2010.04.23.02)

3. Pruna
http://ac.gemmir.com/t/time.js ~> server down!
http://ac.gemmir.com/t/time.asp ~> server down! (V3 : JS/Agent, added : 2010.04.19.02)

4. CJ Entertainment
http://61.100.7.171/css/lib.asp ~> server down! (V3 : JS/Downloader, added : 2010.04.23.02)

5. KBS
http://202.133.245.100/exam.asp ~> server down! (V3 : under analysis)

6. Joara
http://www.gamejil.com/data/css.htm ~> server alive! (V3 : under analysis)

7. Zuzunza.com
http://211.234.118.207/main.html ~> server alive (V3 : under analysis)
http://211.234.118.207/rl.jpg ~> server alive (V3 : under analysis)
http://211.234.118.207/ytl.jpg ~> server alive (V3 : under analysis)
http://211.234.118.207/yt1.jpg ~> server alive (V3 : under analysis)

Final files :
top.asp , lib.asp : http://61.100.1.93/css/isa.exe ~> server alive! (V3 : Win-Trojan/Pincav.54784.U, added : 2010.05.01.00)

time.asp : http://www.robot114.com/cafe/help/box.exe ~> server down! (V3 : Win-Trojan/Magania.53248.AA, added : 2010.05.07.07)

exam.asp : http://211.76.154.8/vipasp/logo/57.exe ~> server alive! (V3 : Win-Trojan/Pincav.53248.AZ, added : 2010.05.09.00)

css.htm : http://www.gamejil.com/data/data.exe ~> server alive! (V3 : under analysis) : XOR transformation is required!

main.html ~> yt1.jpg : http://junggomania.nefficient.co.kr/test.exe ~> server alive! (V3 : under analysis)

[VirusTotal]

Scanned file: isa.exe, submitted: 2010.05.10 00:46:48 (UTC)
Antivirus | Engine version | Definition date | Result
a-squared 4.5.0.50 2010.05.09 Trojan.Peed!IK
AhnLab-V3 2010.05.09.00 2010.05.08 Win-Trojan/Pincav.54784.U
AntiVir 8.2.1.236 2010.05.09 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2010.05.07 Trojan/Win32.Pincav.gen
Authentium 5.2.0.5 2010.05.09 -
Avast 4.8.1351.0 2010.05.09 Win32:Malware-gen
Avast5 5.0.332.0 2010.05.09 Win32:Malware-gen
AVG 9.0.0.787 2010.05.09 Generic17.BKEJ
BitDefender 7.2 2010.05.10 Trojan.Peed.Gen
CAT-QuickHeal 10.00 2010.05.08 Trojan.Pincav.ywu
ClamAV 0.96.0.3-git 2010.05.09 -
Comodo 4800 2010.05.09 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.05.10 Trojan.Siggen1.24430
eSafe 7.0.17.0 2010.05.09 Win32.PWS.Mmorpg
eTrust-Vet 35.2.7474 2010.05.07 -
F-Prot 4.5.1.85 2010.05.09 -
F-Secure 9.0.15370.0 2010.05.10 Trojan.Peed.Gen
Fortinet 4.1.133.0 2010.05.09 W32/Pincav.YWU!tr
GData 21 2010.05.10 Trojan.Peed.Gen
Ikarus T3.1.1.84.0 2010.05.10 Trojan.Peed
Jiangmin 13.0.900 2010.05.09 Trojan/Pincav.eta
Kaspersky 7.0.0.125 2010.05.09 Trojan.Win32.Pincav.ywu
McAfee 5.400.0.1158 2010.05.09 PWS-Mmorpg!oq
McAfee-GW-Edition 2010.1 2010.05.09 Heuristic.LooksLike.Heuristic.BehavesLike.Win32.Downloader.B
Microsoft 1.5703 2010.05.09 Trojan:Win32/Malagent
NOD32 5099 2010.05.10 Win32/PSW.Gamania.NCP
Norman 6.04.12 2010.05.09 -
nProtect 2010-05-09.01 2010.05.09 Trojan.Peed.Gen
Panda 10.0.2.7 2010.05.09 Generic Trojan
PCTools 7.0.3.5 2010.05.07 -
Prevx 3.0 2010.05.10 High Risk Cloaked Malware
Rising 22.46.06.04 2010.05.09 Trojan.Win32.Generic.5202C6D7
Sophos 4.53.0 2010.05.09 Troj/Dload-HL
Sunbelt 6283 2010.05.10 Trojan.Win32.Generic!BT
Symantec 20091.2.0.41 2010.05.10 -
TheHacker 6.5.2.0.277 2010.05.10 Trojan/Pincav.ywu
TrendMicro 9.120.0.1004 2010.05.09 TSPY_MAGANIA.KI
TrendMicro-HouseCall 9.120.0.1004 2010.05.10 TSPY_MAGANIA.KI
VBA32 3.12.12.4 2010.05.06 Malware-Dropper.Win32.Inject.gen
ViRobot 2010.5.8.2306 2010.05.09 Trojan.Win32.Pincav.54784.C
VirusBuster 5.0.27.0 2010.05.09 Trojan.PWS.Gamania.BBV
 
Additional information
File size: 54784 bytes
MD5...: a19b540af7132a86e866be1152256f07
SHA1..: 77715cc29b8911598f5f43bb0b17687267ea75f5
SHA256: 1d109b0ebfebc3d3c960bb7e4ef2917d64c4fef515ab031f1f15d522f0aa7fde
Scanned file: box.exe, submitted: 2010.05.10 00:46:56 (UTC)
Antivirus | Engine version | Definition date | Result
a-squared 4.5.0.50 2010.05.09 Trojan.Win32.Pincav!IK
AhnLab-V3 2010.05.09.00 2010.05.08 Win-Trojan/Magania.53248.AA
AntiVir 8.2.1.236 2010.05.09 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2010.05.07 -
Authentium 5.2.0.5 2010.05.09 -
Avast 4.8.1351.0 2010.05.09 Win32:Rootkit-gen
Avast5 5.0.332.0 2010.05.09 Win32:Rootkit-gen
AVG 9.0.0.787 2010.05.09 -
BitDefender 7.2 2010.05.10 Trojan.Peed.Gen
CAT-QuickHeal 10.00 2010.05.08 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.05.09 -
Comodo 4800 2010.05.09 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.05.10 Trojan.Siggen1.28028
eSafe 7.0.17.0 2010.05.09 -
eTrust-Vet 35.2.7474 2010.05.07 -
F-Prot 4.5.1.85 2010.05.09 -
F-Secure 9.0.15370.0 2010.05.10 Trojan.Peed.Gen
Fortinet 4.1.133.0 2010.05.09 -
GData 21 2010.05.10 Trojan.Peed.Gen
Ikarus T3.1.1.84.0 2010.05.10 Trojan.Win32.Pincav
Jiangmin 13.0.900 2010.05.09 Trojan/Pincav.ewu
Kaspersky 7.0.0.125 2010.05.09 Trojan.Win32.Pincav.zor
McAfee 5.400.0.1158 2010.05.09 PWS-Mmorpg!pa
McAfee-GW-Edition 2010.1 2010.05.09 Heuristic.LooksLike.Heuristic.BehavesLike.Win32.Downloader.B
Microsoft 1.5703 2010.05.09 Trojan:Win32/Malagent
NOD32 5099 2010.05.10 a variant of Win32/Kryptik.DXI
Norman 6.04.12 2010.05.09 -
nProtect 2010-05-09.01 2010.05.09 Trojan.Peed.Gen
Panda 10.0.2.7 2010.05.09 Trj/CI.A
PCTools 7.0.3.5 2010.05.07 -
Prevx 3.0 2010.05.10 High Risk Cloaked Malware
Rising 22.46.06.04 2010.05.09 Trojan.Win32.Generic.5203053E
Sophos 4.53.0 2010.05.09 Sus/UnkPack-C
Sunbelt 6283 2010.05.10 Trojan.Win32.Generic!BT
Symantec 20091.2.0.41 2010.05.10 -
TheHacker 6.5.2.0.277 2010.05.10 Trojan/Kryptik.dxi
TrendMicro 9.120.0.1004 2010.05.09 PAK_Generic.001
TrendMicro-HouseCall 9.120.0.1004 2010.05.10 -
VBA32 3.12.12.4 2010.05.06 Malware-Dropper.Win32.Inject.gen
ViRobot 2010.5.8.2306 2010.05.09 Trojan.Win32.Pincav.53248.U
VirusBuster 5.0.27.0 2010.05.09 -
 
Additional information
File size: 53248 bytes
MD5...: ef0a929469019e21809bf2b3ca1a9be8
SHA1..: 6581aa9311056612a1a42de323e8b1d0478b4a96
SHA256: ad8a92588c3b10d0191cc8c6b1a7a979c9927f872756a6c5e2e39286741e80fd
Scanned file: 57.exe, submitted: 2010.05.10 00:47:04 (UTC)
Antivirus | Engine version | Definition date | Result
a-squared 4.5.0.50 2010.05.09 Trojan.Peed!IK
AhnLab-V3 2010.05.09.00 2010.05.08 Win-Trojan/Pincav.53248.AZ
AntiVir 8.2.1.236 2010.05.09 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2010.05.07 -
Authentium 5.2.0.5 2010.05.09 -
Avast 4.8.1351.0 2010.05.09 Win32:Malware-gen
Avast5 5.0.332.0 2010.05.09 Win32:Malware-gen
AVG 9.0.0.787 2010.05.09 Generic17.BVCK
BitDefender 7.2 2010.05.10 Trojan.Peed.Gen
CAT-QuickHeal 10.00 2010.05.08 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.05.09 -
Comodo 4800 2010.05.09 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.05.10 -
eSafe 7.0.17.0 2010.05.09 -
eTrust-Vet 35.2.7474 2010.05.07 -
F-Prot 4.5.1.85 2010.05.09 -
F-Secure 9.0.15370.0 2010.05.10 Trojan.Peed.Gen
Fortinet 4.1.133.0 2010.05.09 -
GData 21 2010.05.10 Trojan.Peed.Gen
Ikarus T3.1.1.84.0 2010.05.10 Trojan.Peed
Jiangmin 13.0.900 2010.05.09 Trojan/Pincav.ewu
Kaspersky 7.0.0.125 2010.05.09 Trojan.Win32.Pincav.zph
McAfee 5.400.0.1158 2010.05.09 PWS-Mmorpg!pa
McAfee-GW-Edition 2010.1 2010.05.09 Heuristic.LooksLike.Heuristic.BehavesLike.Win32.Downloader.B
Microsoft 1.5703 2010.05.09 Trojan:Win32/Malagent
NOD32 5099 2010.05.10 a variant of Win32/Kryptik.DXI
Norman 6.04.12 2010.05.09 -
nProtect 2010-05-09.01 2010.05.09 Trojan.Peed.Gen
Panda 10.0.2.7 2010.05.09 Trj/CI.A
PCTools 7.0.3.5 2010.05.07 -
Prevx 3.0 2010.05.10 High Risk Cloaked Malware
Rising 22.46.06.04 2010.05.09 Trojan.Win32.Generic.520303BB
Sophos 4.53.0 2010.05.09 Sus/UnkPack-C
Sunbelt 6283 2010.05.10 Trojan.Win32.Generic!BT
Symantec 20091.2.0.41 2010.05.10 -
TheHacker 6.5.2.0.277 2010.05.10 -
TrendMicro 9.120.0.1004 2010.05.09 PAK_Generic.001
TrendMicro-HouseCall 9.120.0.1004 2010.05.10 -
VBA32 3.12.12.4 2010.05.06 Malware-Dropper.Win32.Inject.gen
ViRobot 2010.5.8.2306 2010.05.09 Trojan.Win32.Pincav.53248.W
VirusBuster 5.0.27.0 2010.05.09 -
 
Additional information
File size: 53248 bytes
MD5...: 03cf9da736a31756cca52595788a4396
SHA1..: 496889dcca7e74de7a936b7287dd3d60ad9d6c8d
SHA256: 675ecc107bf056e259f9585236fdbbc7e9ed3d05e9873405e571599c5f66c425
Scanned file: data.exe, submitted: 2010.05.10 00:49:34 (UTC)
Antivirus | Engine version | Definition date | Result
a-squared 4.5.0.50 2010.05.09 -
AhnLab-V3 2010.05.09.00 2010.05.08 -
AntiVir 8.2.1.236 2010.05.09 -
Antiy-AVL 2.0.3.7 2010.05.07 -
Authentium 5.2.0.5 2010.05.09 -
Avast 4.8.1351.0 2010.05.09 -
Avast5 5.0.332.0 2010.05.09 -
AVG 9.0.0.787 2010.05.09 -
BitDefender 7.2 2010.05.10 -
CAT-QuickHeal 10.00 2010.05.08 -
ClamAV 0.96.0.3-git 2010.05.09 -
Comodo 4800 2010.05.09 -
DrWeb 5.0.2.03300 2010.05.10 -
eSafe 7.0.17.0 2010.05.09 -
eTrust-Vet 35.2.7474 2010.05.07 -
F-Prot 4.5.1.85 2010.05.09 -
F-Secure 9.0.15370.0 2010.05.10 -
Fortinet 4.1.133.0 2010.05.09 -
GData 21 2010.05.10 -
Ikarus T3.1.1.84.0 2010.05.10 -
Jiangmin 13.0.900 2010.05.09 -
Kaspersky 7.0.0.125 2010.05.09 -
McAfee 5.400.0.1158 2010.05.09 -
McAfee-GW-Edition 2010.1 2010.05.09 -
Microsoft 1.5703 2010.05.09 -
NOD32 5099 2010.05.10 -
Norman 6.04.12 2010.05.09 -
nProtect 2010-05-09.01 2010.05.09 -
Panda 10.0.2.7 2010.05.09 -
PCTools 7.0.3.5 2010.05.07 -
Prevx 3.0 2010.05.10 -
Rising 22.46.06.04 2010.05.09 -
Sophos 4.53.0 2010.05.09 -
Sunbelt 6283 2010.05.10 -
Symantec 20091.2.0.41 2010.05.10 -
TheHacker 6.5.2.0.277 2010.05.10 -
TrendMicro 9.120.0.1004 2010.05.09 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.10 -
VBA32 3.12.12.4 2010.05.06 -
ViRobot 2010.5.8.2306 2010.05.09 -
VirusBuster 5.0.27.0 2010.05.09 -
 
Additional information
File size: 20992 bytes
MD5...: 81b9fb99a58f0e41f1d6c8784dc04397
SHA1..: cd7e5e3b06bdc35e139e307eed89a9f755105997
SHA256: 9df598a6cac3057c277f27e1f02b25b11c4ca648257ab1d182f8266f15a82bf6
Scanned file: DATA.EXE_xor, submitted: 2010.05.10 00:50:26 (UTC)
Antivirus | Engine version | Definition date | Result
a-squared 4.5.0.50 2010.05.09 -
AhnLab-V3 2010.05.09.00 2010.05.08 ASD.Prevention
AntiVir 8.2.1.236 2010.05.09 TR/Vilsel.acwl.7
Antiy-AVL 2.0.3.7 2010.05.07 -
Authentium 5.2.0.5 2010.05.09 -
Avast 4.8.1351.0 2010.05.09 Win32:Rootkit-gen
Avast5 5.0.332.0 2010.05.09 Win32:Rootkit-gen
AVG 9.0.0.787 2010.05.09 Win32/PEPatch.BM
BitDefender 7.2 2010.05.10 Generic.Malware.FBg.E55EA39E
CAT-QuickHeal 10.00 2010.05.08 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.05.09 -
Comodo 4800 2010.05.09 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.05.10 Trojan.PWS.Wsgame.origin
eSafe 7.0.17.0 2010.05.09 Suspicious File
eTrust-Vet None 2010.05.07 -
F-Prot 4.5.1.85 2010.05.09 -
F-Secure 9.0.15370.0 2010.05.10 Generic.Malware.FBg.E55EA39E
Fortinet 4.1.133.0 2010.05.09 W32/Vilsel.ACWL!tr
GData 21 2010.05.10 Win32:Rootkit-gen
Ikarus T3.1.1.84.0 2010.05.10 -
Jiangmin 13.0.900 2010.05.09 Trojan/Vilsel.gqc
Kaspersky 7.0.0.125 2010.05.09 Trojan.Win32.Vilsel.acwl
McAfee 5.400.0.1158 2010.05.09 Suspect-02!3EA6444D45E6
McAfee-GW-Edition 2010.1 2010.05.09 Artemis!3EA6444D45E6
Microsoft 1.5703 2010.05.09 Trojan:Win32/Meredrop
NOD32 5099 2010.05.10 probably a variant of Win32/PSW.OnLineGames.OUF
Norman 6.04.12 2010.05.09 -
nProtect 2010-05-09.01 2010.05.09 -
Panda 10.0.2.7 2010.05.09 W32/Spamta.QO.worm
PCTools 7.0.3.5 2010.05.07 -
Prevx 3.0 2010.05.10 -
Rising 22.46.06.04 2010.05.09 -
Sophos 4.53.0 2010.05.09 -
Sunbelt 6283 2010.05.10 Trojan.Win32.Generic!BT
Symantec 20091.2.0.41 2010.05.10 -
TheHacker 6.5.2.0.277 2010.05.10 -
TrendMicro 9.120.0.1004 2010.05.09 PAK_Generic.001
TrendMicro-HouseCall 9.120.0.1004 2010.05.10 -
VBA32 3.12.12.4 2010.05.06 Malware-Cryptor.Win32.Krap
ViRobot 2010.5.8.2306 2010.05.09 -
VirusBuster 5.0.27.0 2010.05.09 -
 
Additional information
File size: 20992 bytes
MD5...: 3ea6444d45e625c2c03887850257a54b
SHA1..: c273744e80632b3f7133a0dca417e99c7bca9f4e
SHA256: c9481aee4d3a87634284f2af34728dab5737b71a1f518dd1aea0a282e2f3d1ef
Scanned file: test.exe, submitted: 2010.05.10 00:49:41 (UTC)
Antivirus | Engine version | Definition date | Result
a-squared 4.5.0.50 2010.05.09 Trojan.Peed!IK
AhnLab-V3 2010.05.09.00 2010.05.08 Malware/Win32.Heur.h4
AntiVir 8.2.1.236 2010.05.09 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2010.05.07 -
Authentium 5.2.0.5 2010.05.09 -
Avast 4.8.1351.0 2010.05.09 -
Avast5 5.0.332.0 2010.05.09 -
AVG 9.0.0.787 2010.05.09 -
BitDefender 7.2 2010.05.10 Trojan.Peed.Gen
CAT-QuickHeal 10.00 2010.05.08 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.05.09 -
Comodo 4800 2010.05.09 -
DrWeb 5.0.2.03300 2010.05.10 Trojan.Siggen1.28134
eSafe 7.0.17.0 2010.05.09 -
eTrust-Vet 35.2.7474 2010.05.07 -
F-Prot 4.5.1.85 2010.05.09 -
F-Secure 9.0.15370.0 2010.05.10 Trojan.Peed.Gen
Fortinet 4.1.133.0 2010.05.09 -
GData 21 2010.05.10 Trojan.Peed.Gen
Ikarus T3.1.1.84.0 2010.05.10 Trojan.Peed
Jiangmin 13.0.900 2010.05.09 -
Kaspersky 7.0.0.125 2010.05.09 Trojan.Win32.Pincav.zqo
McAfee 5.400.0.1158 2010.05.09 -
McAfee-GW-Edition 2010.1 2010.05.09 Heuristic.LooksLike.Heuristic.BehavesLike.Win32.Downloader.B
Microsoft 1.5703 2010.05.09 Trojan:Win32/Malagent
NOD32 5099 2010.05.10 a variant of Win32/Kryptik.DXI
Norman 6.04.12 2010.05.09 -
nProtect 2010-05-09.01 2010.05.09 Trojan.Peed.Gen
Panda 10.0.2.7 2010.05.09 Trj/CI.A
PCTools 7.0.3.5 2010.05.07 -
Prevx 3.0 2010.05.10 High Risk Cloaked Malware
Rising 22.46.06.04 2010.05.09 Trojan.Win32.Generic.52031ABB
Sophos 4.53.0 2010.05.09 Sus/UnkPack-C
Sunbelt 6283 2010.05.10 Trojan.Win32.Generic!BT
Symantec 20091.2.0.41 2010.05.10 -
TheHacker 6.5.2.0.277 2010.05.10 -
TrendMicro 9.120.0.1004 2010.05.09 PAK_Generic.001
TrendMicro-HouseCall 9.120.0.1004 2010.05.10 -
VBA32 3.12.12.4 2010.05.06 Malware-Dropper.Win32.Inject.gen
ViRobot 2010.5.8.2306 2010.05.09 -
VirusBuster 5.0.27.0 2010.05.09 -
 
Additional information
File size: 52736 bytes
MD5...: 59fa3bd14812eeb10fb978a16d01614b
SHA1..: cd60891c7b11534c264a1378d4ac5d660b732b82
SHA256: 73e0a9a30910bb47e5c9b44964fc6b73a3f5688c54a4ef0e03020721dbafea61

 

All samples are reported to AhnLab and ESTsoft.

 

[AhnLab]

1 rl.jpg ~> under analysis
2 exam.asp ~> under analysis
3 ytl.jpg ~> under analysis
4 yt1.jpg ~> under analysis
5 data.exe ~> under analysis
6 css.htm ~> under analysis
7 time.js ~> under analysis
8 test.exe ~> under analysis
9 NACookieManage.aspx ~> under analysis
10 57.exe ~> V3 : Win-Trojan/Pincav.53248.AZ (added : 2010.05.09.00)
11 box.exe ~> V3 : Win-Trojan/Magania.53248.AA (added : 2010.05.07.07)
12 isa.exe ~> V3 : Win-Trojan/Pincav.54784.U (added : 2010.05.01.00)
13 lib.asp ~> V3 : JS/Downloader (added : 2010.04.23.02)
14 time.asp ~> V3 : JS/Agent (added : 2010.04.19.02)

[ESTsoft]

To be added to the DB today!

More information : http://cafe.naver.com/malzero/56184
